My Journey in the Website Security Research Project
March 6th, 2025
As I wrap up my Website Security Research Project, I’ve been reflecting on my personal journey—what I’ve learned, the challenges I faced, and how I overcame them. Working on this project solo meant I had to take full ownership of the research, testing, and implementation, which was both a challenge and an opportunity to grow.
Biggest Challenge & How I Solved It
The most difficult challenge I encountered was bypassing payment validation for the Deluxe Membership. Initially, I struggled to understand how the web application processed transactions, and I wasn’t sure where the vulnerability existed. By analyzing HTTP requests, modifying parameters using Burp Suite, and researching real-world payment bypass attacks, I eventually found that the system relied too heavily on client-side validation. The fix? Implementing strict server-side validation to ensure that transactions couldn’t be manipulated through direct API requests.
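The client-side-trust flaw and the server-side fix described above, written out as an added example (not the project's own code): a purchase handler that believes the request's price and paid flag, beside one that looks up the price server-side and confirms the payment with the provider. Tier names, prices, and the FakeGateway payment-provider stub are constructed for the illustration.

```python
"""Added example: a membership purchase endpoint that trusts the client
beside one that validates server-side. Request dicts stand in for parsed
JSON bodies; FakeGateway stands in for the provider's verification API."""
from dataclasses import dataclass, field

# Canonical prices in cents live on the server; the client never sets them.
PRICES = {"deluxe": 4900, "basic": 0}  # constructed catalog


def purchase_insecure(req: dict) -> dict:
    """Trusts the client's 'paid' flag and 'price' field: a request edited
    in an intercepting proxy to {"price": 0, "paid": true} gets the tier."""
    if req.get("paid"):
        return {"granted": True, "tier": req.get("tier"), "charged": req.get("price", 0)}
    return {"granted": False, "reason": "payment incomplete"}


@dataclass
class FakeGateway:
    """Stand-in for the payment provider's server-to-server lookup:
    maps a payment reference to the (amount_cents, currency) it captured."""
    captured: dict = field(default_factory=dict)
    consumed: set = field(default_factory=set)  # references already redeemed


def purchase_secure(req: dict, gateway: FakeGateway) -> dict:
    """Ignores client-supplied price and status; grants the tier only when
    the provider confirms a matching, not-yet-redeemed payment."""
    tier = req.get("tier")
    if tier not in PRICES:
        return {"granted": False, "reason": "unknown tier"}
    expected = PRICES[tier]  # authoritative price, never read from the request
    if expected == 0:
        return {"granted": True, "tier": tier, "charged": 0}
    ref = req.get("payment_ref")
    if not ref or ref in gateway.consumed:
        return {"granted": False, "reason": "missing or reused payment reference"}
    record = gateway.captured.get(ref)
    if record is None:
        return {"granted": False, "reason": "payment unknown to provider"}
    amount, currency = record
    if currency != "USD" or amount != expected:
        return {"granted": False, "reason": "amount or currency mismatch"}
    gateway.consumed.add(ref)  # one payment unlocks one membership
    return {"granted": True, "tier": tier, "charged": amount}
```

The same tampered request that the insecure handler accepts is rejected by the secure one because it carries no provider-confirmed payment, and a genuine payment reference is honoured exactly once.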
Did I Have Doubts About Completing the Project?
At first, yes. Security research can be overwhelming, and I questioned whether I would be able to identify and exploit vulnerabilities effectively. However, as I started breaking the project into smaller steps—learning how to conduct XSS attacks, test for SQL injection, and simulate CSRF attacks—I became more confident in my ability to analyze and secure a web application. Now, I feel much more capable of approaching security challenges systematically.
What Would I Do Differently?
If I could start over, I would have planned a structured testing process earlier. Initially, I explored vulnerabilities in an unorganized way, which made it harder to track findings and document fixes. A more methodical penetration testing framework—perhaps using OWASP’s testing guide—would have made my workflow more efficient.
Key Takeaways from the Project
- Security is a continuous process—fixing one vulnerability doesn’t mean the system is secure.
- Client-side validation is not enough—attackers can easily modify requests.
- Burp Suite is an invaluable tool for web security testing.
- Understanding how attackers think is crucial for building secure applications.
- Documenting findings from the start saves time later when implementing fixes.
Final Thoughts
This project has been challenging but rewarding. I’ve gained hands-on experience in ethical hacking, penetration testing, and secure coding, which has strengthened my technical skills. Going forward, I plan to continue learning about advanced security threats and defense mechanisms to further enhance my understanding of cybersecurity.